...

The pair then shifted gears into security. Hohndel brought up the huge number of Common Vulnerabilities and Exposures (CVE) in the Linux kernel. This isn't because Linux is insecure. Torvalds replied, "Bugs will happen, and anything can be a security bug if somebody is clever enough to just figure out how to abuse it."

Torvalds continued, "One reason why I stress that all security issues are just bugs is that there's this tendency in the IT industry to treat security issues as something really, really, really special, and that actually ends up harming everybody."

So, what should you do about the constant weekly flow of Linux security bug fixes? Greg Kroah-Hartman, the maintainer of the Linux stable kernel, thinks you should constantly update to the newest, most secure stable Linux kernel. Torvalds agrees but can see the case for sticking with older kernels and relying on less frequent security patch backports.

Torvalds said, "There is some stability with old kernels, and we do backport for patches and fixes to them, but some fixes get missed because people don't think they're important enough, and then it turns out they were important enough."

Besides, if you stick with an old kernel for too long, when you finally need to update to a newer one, it can be a massive pain to do so. So, "to all the Chinese embedded Linux vendors who are still using the Linux 4.9 kernel," Torvalds said, wagging his finger, "Stop."

In addition, Hohndel said that when patching truly ancient kernels, the Linux kernel team can only say, "Sorry, we can't help you with that. It was so long ago that we don't even remember how to fix it."

...

On Sat, Aug 24 2024 at 06:01:26 PM +02:00:00, Philippe Strauss via gull <gull@forum.linux-gull.ch> wrote:
Discussion by Linus, in particular about security fixes for the different kernel versions:

https://www.zdnet.com/article/linus-torvalds-talks-ai-rust-adoption-and-why-the-linux-kernel-is-the-only-thing-that-matters/

